On May 27, 2014, at 2:38 PM, Wietse Venema <wie...@porcupine.org> wrote:
> Joe Shamblin: >> I am experiencing an issue where hosts that do not have reverse >> DNS see an extended delay (45-60 seconds for ssl or non-ssl >> connections) before they get the initial 220 greeting. Hosts that >> do have properly registered entries get in immediately. I have >> downloaded the source, and the programs that perform the lookups >> gethostbyaddr, etc... all seem to return quickly enough. DNS on >> the machine is also snappy and returns the lack of RDNS quickly. >> Setting smtpd_peername_lookup to no solves the issue, but has other >> ramifications. The server in question is running postfix 2.9.6-1 >> on ubuntu 12.04. A different server with the same configuration >> does not seem to have the issue. Setting the debug_peer for the >> hosts show the same thing for the hosts that experience a delay >> versus those that do not, basically a bunch of match_hostaddr and >> match_hostname calls. Once the initial delay is out of the way, >> everything proceeds as normal. > > Please TURN OFF chroot in master.cf. > > The master.cf entry should look like this: > > smtp inet n - n - - smtpd > > Then do "postfix reload". > > More information: http://www.postfix.org/DEBUG_README.html#no_chroot Yes that did the trick, thanks very much. Though it seems to break sasl authentication without making other changes. I had seen that in the documentation, and as the all caps imply should have payed closer attention, but I did verify that the chroot environment seemed correct as well. As I mentioned I have two hosts running basically the same configuration (except the local hostnames), and one seems to work fine and the other not. I assume that the chrooted environment is slightly preferred due to security. Is there an expedient way to track down where the problem might be with the chrooted environment, or a likely candidate from the information in the first post? Thanks again! Joe -- Joe Shamblin w...@cs.duke.edu Senior IT Analyst Department of Computer Science (919) 660-6582 Duke University
smime.p7s
Description: S/MIME cryptographic signature
